The Impact of Visibility on the Right to Opt-out of Sale under CCPA

The California Consumer Protection Act (CCPA) gives users the right to opt-out of sale of their personal information, but prior work has found that opt-out mechanisms provided under this law result in very low opt-out rates. Privacy signals offer a solution for users who are willing to proactively take steps to enable privacy-enhancing tools, but many users are not aware of their rights under CCPA. We therefore explore an alternative approach to enhancing privacy under CCPA: increasing the visibility of opt-out of sale mechanisms. We conduct an user study with 54 participants and find that visible, standardized banners significantly increase opt-out of sale rates in the wild. Participants also report less difficulty opting out and more satisfaction with opt-out mechanisms compared to the native mechanisms currently provided by websites. Our results suggest that effective privacy regulation depends on imposing clear, enforceable visibility standards, and that CCPA's requirements for opt-out of sale mechanisms fall short.